Scientists have devised a series of novel and inexpensive attacks that can severely disrupt mission-critical global positioning systems relied on by the military and a variety of industrial players, including airlines, mining companies, and operators of hydroelectric plants and other critical infrastructure.

Unlike previous GPS attacks, the one developed by a team of scientists from Carnegie Mellon University and a private navigation company exploits software bugs in the underlying receivers. That allows the attacks to be stealthier and more persistent than earlier exploits, which primarily relied on signal jamming and spoofing. Prototype hardware that cost only $2,500 to build is able to cause a wide variety of GPS devices within a 30 mile radius to malfunction. Because many of those devices are nodes on special networks that make GPS signals more precise, the attacks have the effect of disrupting larger systems used in aviation, military, and critical infrastructure.

The PCSS, or phase-coherent signal synthesizer, that they developed simultaneously receives and transmits civil GPS signals. It carries out many of the same things done by spoofers used in earlier GPS attacks. But instead of merely providing false information designed to compromise the accuracy of the GPS readings, it includes data that exploits weaknesses in the firmware of nearby receivers, many of which use the Internet to share their readings with other machines. The success of the PCSS is the result of an almost complete lack of authentication in the devices that send and receive GPS signals.

"Our findings suggest despite the fact that GPS is an unauthenticated broadcast protocol, current receivers treat any incoming signal as guaranteed correct," the scientists wrote in a research paper. "Worse, receivers often run full OSes with network services. Together, the possibility of RF [radio frequency] and ethernet attacks creates a large attack surface."

The "middle-of-the-earth" attack works by instructing the PCSS to set a satellite's semi major axis to zero. That causes NetRS receivers as far away as 30 miles to use the number as a divisor when calculating the satellite's orbit. As a result, the device goes into an endless reboot loop that persists even after the incorrect data is no longer supplied. The researchers created the following video demonstration of the attack:

GPS demo

In all, the scientists devised attacks that worked on the NetRS and eight other GPS receiver models, including those used by consumers, aviation pilots, and operators of industrial equipment. One such attack had devastating consequences for the Arbiter 1094B Substation Clock used as an accurate time source for equipment in electrical power stations. It used the PCSS to set the time one week beyond the current week but otherwise include all other data sent in a navigation message.

The scientists used the technique to simulate rollover events by alternating between high, low, and medium week numbers, eventually shifting its time by around 100 years. Since the Arbiter showed no ability to compare the settings to internal clock settings, it suffered permanent damage when it was exposed to the exploit.

"Multiple days without power, attempts to change the date through commands over the serial console, and reloading the firmware of the device proved unsuccessful for decrementing the year on the clock, rendering the device practically useless as a sub-microsecond accurate time source," the researchers wrote.

EGADS, no easy fix

Because the attacks exploit bugs in potentially millions of stand-alone devices, it's not possible to roll out a single patch for the GPS vulnerability. The research paper proposes what's called EGADS. Short for Electronic GPS Attack Detection System, it would work as the GPS equivalent to the intrusion detection systems used to detect attacks in enterprise networks. EGADS would use rule-based and anomaly-based components to detect bad values and data that deviates from known almanac data.

Longer term fixes will require engineers to build data-level and OS-level defenses into the GPS receivers they design. In theory, military systems already have a solution in place for these attacks. But in many cases, military systems rely on civilian GPS signals, so they aren't immune, Tyler Nighswander, one of the researchers, told Ars.

Besides Nighswander and David Brumley of Carnegie Mellon, the other researchers who wrote the paper included Brent Ledvina, Jonathan Diamond, and Robert Brumley of Coherent Navigation, which provides GPS services and products. They presented their research at the 19th ACM Conference on Computer and Communications Security in October, but the paper only came to wider attention recently.

Now that GPS has morphed from a limited-purpose positioning system into a ubiquitous trusted source for navigation, position and timing, the failure to fix the vulnerabilities carries serious consequences, they warned.

"The intricate nature of today's GPS devices has created a large attack surface," they wrote. "Previous approaches have treated GPS security as an issue of hardware and signal analysis, but many traditional software security lessons have yet to be learned by GPS manufacturers. Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack."

Promoted Comments

GPS is not only used for navigation. I work at an insurance company, and we have dedicated GPS receivers at each of our sites to use the synchronized atomic clocks of the GPS satellites as an NTP source for timing. Financial transactions need to be timestamped correctly, not to mention the network and computers that are transmitting all of that and logging things. The ability to adjust the clock on a GPS system is a big deal, because when our times start skewing more than a few minutes off, network authentication starts breaking, and when we can't accurately determine the order of financial transactions, big government agencies start asking questions.

GPS actually has a long history with commercial airlines. The FAA played a large part in having the government turn off "Selective Availability" which was a false error introduced in GPS to make it less desirable for US enemies who may try using GPS for missile guidance, so that airlines could start actually counting on GPS to be accurate and use it for navigation.

Any commercial airliner will have backup navigation devices (radar and inertial devices), but GPS gets heavily used just because it is so much easier and incredibly accurate. Pilots are required to be able to navigate by alternate means to get their license, but given how rare it is for a GPS to malfunction in normal use, it's hard to say how much practice they have piloting in GPS denied circumstances. Things like autopilot will also rely on GPS because in just about all cases, it is the most accurate tool someone could ask for.

One very concrete example is WAAS (this is a DGPS corrections network similar to the CORS network mentioned in the paper, but developed by the FAA, which actually broadcasts over the air like GPS). From the FAA's website ( http://www.faa.gov/about/office_org/hea ... gnss/waas/ ) "WAAS provides service for all classes of aircraft in all phases of flight - including en route navigation, airport departures, and airport arrivals. This includes vertically-guided landing approaches in instrument meteorological conditions at all qualified locations throughout the NAS."

There is also ADS-B, the GPS-based air traffic control system, which is starting to get rolled out.

So the short of it is: GPS is used pretty heavily in aircraft, though there should be procedures to take in case it breaks.

In normal operation, a $1,000 GPS receiver can replace a $15,000+ atomic clock, or a $30 GPS receiver can act as an always synchronized, no hassle clock. Places that use this include: NTP servers, SCADA equipment, traffic lights(!), some cell phone base stations, utility companies (in the form of PMUs), and a lot more.

cell phone base stations (aka femtocells) also use GPS for E911 purposes, so they really do use the "positioning" part.

One very concrete example is WAAS (this is a DGPS corrections network similar to the CORS network mentioned in the paper, but developed by the FAA, which actually broadcasts over the air like GPS). From the FAA's website ( http://www.faa.gov/about/office_org/hea ... gnss/waas/ ) "WAAS provides service for all classes of aircraft in all phases of flight - including en route navigation, airport departures, and airport arrivals. This includes vertically-guided landing approaches in instrument meteorological conditions at all qualified locations throughout the NAS."

I learned about WAAS recently while investigating external GPS receivers to improve the accuracy of My Tracks for Android for driving in "urban canyon" environments (downtown SF, for example). I recorded a track with a Nexus 4 sitting on the passenger seat (because I didn't have a car dock for it), and was amazed how much the position jumped around due to the buildings, even when stopped at an intersection. A car dock would've helped, but I'm not sure how much (and Nexus 4 supports GLONASS).

I bought a Garmin GLO Bluetooth GPS + GLONASS + WAAS receiver for $99. The same model is sold to pilots for $129 (GLO for Aviation), with the only difference being a 6-month trial to a mapping service for pilots. GPS + WAAS is accurate in real-world testing to ~1m horizontal and vertical position, while GPS alone is only accurate to about 5m on a good day. There are a lot of really cool charts and graphs on the WAAS test team website showing current satellite positions, visibility, and status.

Why is information like this publicly reported? Shouldn't it be fixed before it is even reported to the public? I always worry that public dissemination of exploits like this are dangerous. I can imagine some cyber-terrorist working for a random cause or rogue country reading this article and smiling.

This has been discussed time and time again, but some important points to consider:

1. If this information remained private to the GPS manufacturers, where's the pressure to fix the problem. There are plenty of examples of software developers saying "Well, nobody's using the attacks in the wild, and nobody knows about it, so why bother spending the money to fix it." When the public knows about it, there's at least some pressure on the companies to fix the problem.

2. At least when people know about the floors in the system, they'll be a bit more wary about trusting it.

3. Even if the information was kept private, what's to stop random employees from leaking it?

4. It's foolish to think that someone else couldn't develop the attack independently anyway. If university researcher's can come up with this, then so can engineers working for a nation state. All of this stuff is within the realm of what could be accomplished by a reasonably experienced hobbyist with a bit of time and money on their hands.

Quote:

Most of the article seems like fear-mongering.

If you want to talk about making receivers more fault tolerant, that's fine. But you can do all you want in terms of making the software work better and it won't protect you from someone broadcasting on L1 and turning up the power to saturate your RF front-end and stop you from seeing anything. It doesn't even take that much power.

Denying GPS coverage is not difficult if you are targeting a civilian receiver.

Actually this is significantly more serious than what you're talking about. Sure you can jam GPS signals, but you have to keep transmitting, which makes it easy to trace. As soon as you switch the jammer off, everythings starts working fine again. The researchers behind this paper managed to permanently brick a $19000 piece of equipment simply by transmitting one malformed signal. With suitable signal coverage distance, you could literally do millions of dollars of damage at the press of a button. And it would only take a fraction of a second, so by the time anyone started to try tracing the signal, it would already by done.

Airlines using GPS? That's new.. I've heard of ATC being provided using GPS, but that's only where radar coverage isn't available. The only time an airliner uses GPS is when it's on the ground, and even then it's of limited use as initial input values. Otherwise you can just as easily use coordinates provided by the airport since parking positions are well known and fixed. The aircraft positioning is self contained for the most part, because obviously attacks like these have always been possible. Commonly referred to as INS, Inertial Navigation System.

GPS has been used informally for VFR flight since it first came out. I had a friend who flew a Cessna 170 from Minneapolis, MN to Anchorage, AK basically by holding one of the first receivers out the window.

I think it was Alaska Airlines that certified the first GPS approach into Sitka, AK in the late 80's or early 90's and since then more and more non-percision approaches i.e.: NDB or VOR have been replaced by GPS.

GPS is not only used for navigation. I work at an insurance company, and we have dedicated GPS receivers at each of our sites to use the synchronized atomic clocks of the GPS satellites as an NTP source for timing. Financial transactions need to be timestamped correctly, not to mention the network and computers that are transmitting all of that and logging things. The ability to adjust the clock on a GPS system is a big deal, because when our times start skewing more than a few minutes off, network authentication starts breaking, and when we can't accurately determine the order of financial transactions, big government agencies start asking questions.

GPS actually has a long history with commercial airlines. The FAA played a large part in having the government turn off "Selective Availability" which was a false error introduced in GPS to make it less desirable for US enemies who may try using GPS for missile guidance, so that airlines could start actually counting on GPS to be accurate and use it for navigation.

Any commercial airliner will have backup navigation devices (radar and inertial devices), but GPS gets heavily used just because it is so much easier and incredibly accurate. Pilots are required to be able to navigate by alternate means to get their license, but given how rare it is for a GPS to malfunction in normal use, it's hard to say how much practice they have piloting in GPS denied circumstances. Things like autopilot will also rely on GPS because in just about all cases, it is the most accurate tool someone could ask for.

One very concrete example is WAAS (this is a DGPS corrections network similar to the CORS network mentioned in the paper, but developed by the FAA, which actually broadcasts over the air like GPS). From the FAA's website ( http://www.faa.gov/about/office_org/hea ... gnss/waas/ ) "WAAS provides service for all classes of aircraft in all phases of flight - including en route navigation, airport departures, and airport arrivals. This includes vertically-guided landing approaches in instrument meteorological conditions at all qualified locations throughout the NAS."

There is also ADS-B, the GPS-based air traffic control system, which is starting to get rolled out.

So the short of it is: GPS is used pretty heavily in aircraft, though there should be procedures to take in case it breaks.

Just out of curiosity, does anyone have information to elaborate on the use of GPS by "operators of hydroelectric plants"? I associate hydroelectric power with dams across rivers and they don't seem likely to be moving very far or fast (at least not in normal operation... the occasional flood disaster excepted).

In fixed installations like these the GPS is almost certainly used solely for getting an accurate time signal that you know will be the same at other locations. It's for synchronization.

Airlines using GPS? That's new.. I've heard of ATC being provided using GPS, but that's only where radar coverage isn't available. The only time an airliner uses GPS is when it's on the ground, and even then it's of limited use as initial input values. Otherwise you can just as easily use coordinates provided by the airport since parking positions are well known and fixed. The aircraft positioning is self contained for the most part, because obviously attacks like these have always been possible. Commonly referred to as INS, Inertial Navigation System.

It's been a while since I was involved with it, but from what I recall the NextGen ATC system that the FAA is working on deploying is GPS based - the idea being that it is more accurate than radar. How quickly it will actually get implemented is another matter.

If my recollection is right, this suggests that it would be worthwhile to maintain long-term radar redundancy, regardless of cost.

GPS is not only used for navigation. I work at an insurance company, and we have dedicated GPS receivers at each of our sites to use the synchronized atomic clocks of the GPS satellites as an NTP source for timing. Financial transactions need to be timestamped correctly, not to mention the network and computers that are transmitting all of that and logging things. The ability to adjust the clock on a GPS system is a big deal, because when our times start skewing more than a few minutes off, network authentication starts breaking, and when we can't accurately determine the order of financial transactions, big government agencies start asking questions.

This is very true. It turns out while GPS for navigation data is well known (the "P" does stand for positioning, after all), timing is one of the most important uses of GPS receivers.

In normal operation, a $1,000 GPS receiver can replace a $15,000+ atomic clock, or a $30 GPS receiver can act as an always synchronized, no hassle clock. Places that use this include: NTP servers, SCADA equipment, traffic lights(!), some cell phone base stations, utility companies (in the form of PMUs), and a lot more.

In normal operation, a $1,000 GPS receiver can replace a $15,000+ atomic clock, or a $30 GPS receiver can act as an always synchronized, no hassle clock. Places that use this include: NTP servers, SCADA equipment, traffic lights(!), some cell phone base stations, utility companies (in the form of PMUs), and a lot more.

cell phone base stations (aka femtocells) also use GPS for E911 purposes, so they really do use the "positioning" part.

This is ridiculous! One would think that software engineers working on ***GPS*** would take more care than this; especially given that GPS technology originated in the military, and robust mechanisms for calculating position & time correctly and avoiding these errors should have been written into standards published decades ago. Obviously, I've been too optimistic! How can I get a job for one of these companies, fixing this shoddy code?

Do you even know what you're talking about here?

I think he may specifically be referencing the "division by zero" causing device failures even to the point of bricking one or more of the devices. There's really no excuse for that, it can be handled much more gracefully and you should never trust external data sources so implicitly that you don't check for out-of-bounds values that simply should never be seen ("sanity checking").

Why do most military GPS systems rely on Civilian signals? This is why.

It is a rule that all military hardware has to have SAASM capability to harden it to spoofing. What you might not realize however, is that SAASM is useless without a crypto key loaded into the GPS unit.

true

Quote:

What you further might not realize is that most of these keys are kept on paper-tape which must be read through a seriously cold war piece of hardware.

false.

Quote:

This hardware is normally only kept at a couple of bases in any given Theater to protect it from theft/accidental dissemination

true

Quote:

(if it gets leaked, the SAASM systems are compromised).

false

Quote:

The problem is that GPS units get delivered to their Forward Operating Bases (FOBs) directly. To key them, they need to then be brought to the closest base with a key loader which is often 100s of kilometers away.

not true any more.

Quote:

There are literally thousands of GPS systems in country, with old ones being damaged or needing replacement regularly. And in most systems, if the storage battery dies, the key is lost (our systems required a battery removal/reinstallation before first boot in theater to reliably work, so shipping them keyed doesn't work either). This means the vast majority of military GPS in warzones, do not have access to the military GPS signals, nor are the protected from spoofing or jamming. It's kind of scary when you think about it.

Most of the data in this post is 1. close but wrong2. just plain wrong3. was made wrong by events(sorry Tegid. not meaning to poke you in the eye)

SAASM Over The Air Distribution of key has been going for over a year. Works great. If you're a US military member with a SAASM receiver (like a DAGR) in your bag or integrated into your truck, and you have current crypto key, just turn it on and leave it on for a half hour (really, only 12.5 minutes, but longer can't hurt). Grab lunch, take a smoke break. Boom. You have next month's key. Repeat every month, and you're keyed and ready to go. You only need to go to your COMSEC custodian or CRO once per year now (unless you remove the memory battery, of course)

If you use it in an integrated system where its on all the time, you most likely are getting keyed all the time. It just has to be "NAVIGATING" on the screen.

Early next year, you'll be seeing a video on MilTube that shows you how it all works. Just search for "GPS information for the warfighter". Disregard the one that's on there now... it was good, but its outdated now.

bottom line US military dudes - get keyed, then, turn it on and leave it on for about a half hour once a month.

GPS is not only used for navigation. I work at an insurance company, and we have dedicated GPS receivers at each of our sites to use the synchronized atomic clocks of the GPS satellites as an NTP source for timing. Financial transactions need to be timestamped correctly, not to mention the network and computers that are transmitting all of that and logging things. The ability to adjust the clock on a GPS system is a big deal, because when our times start skewing more than a few minutes off, network authentication starts breaking, and when we can't accurately determine the order of financial transactions, big government agencies start asking questions.

You would have to be an idiot to move clocks by an amount larger than the slop window for KERBEROS type authentication. Transactions would only have to be microseconds behind.

One very concrete example is WAAS (this is a DGPS corrections network similar to the CORS network mentioned in the paper, but developed by the FAA, which actually broadcasts over the air like GPS). From the FAA's website ( http://www.faa.gov/about/office_org/hea ... gnss/waas/ ) "WAAS provides service for all classes of aircraft in all phases of flight - including en route navigation, airport departures, and airport arrivals. This includes vertically-guided landing approaches in instrument meteorological conditions at all qualified locations throughout the NAS."

There is also ADS-B, the GPS-based air traffic control system, which is starting to get rolled out.

So the short of it is: GPS is used pretty heavily in aircraft, though there should be procedures to take in case it breaks.

Well don't forget GPS is a northern hemisphere biased system, and even in the north there are occasions where the system "breaks down" due to a lack of sufficient redundancy. But my understanding it's usually no more than 30 minutes at a time. So when pilots say they have a GPS based navigation system they really are referring to WAAS/GNSS capable devices, and not just "GPS" as you would find in a car. The ADS transponders are already pretty popular, plenty cool sites like the one below are providing ATC coverage in real time, but you can't rely on a transponder to always tell the truth, or even be turned on.

One very concrete example is WAAS (this is a DGPS corrections network similar to the CORS network mentioned in the paper, but developed by the FAA, which actually broadcasts over the air like GPS). From the FAA's website ( http://www.faa.gov/about/office_org/hea ... gnss/waas/ ) "WAAS provides service for all classes of aircraft in all phases of flight - including en route navigation, airport departures, and airport arrivals. This includes vertically-guided landing approaches in instrument meteorological conditions at all qualified locations throughout the NAS."

I learned about WAAS recently while investigating external GPS receivers to improve the accuracy of My Tracks for Android for driving in "urban canyon" environments (downtown SF, for example). I recorded a track with a Nexus 4 sitting on the passenger seat (because I didn't have a car dock for it), and was amazed how much the position jumped around due to the buildings, even when stopped at an intersection. A car dock would've helped, but I'm not sure how much (and Nexus 4 supports GLONASS).

I bought a Garmin GLO Bluetooth GPS + GLONASS + WAAS receiver for $99. The same model is sold to pilots for $129 (GLO for Aviation), with the only difference being a 6-month trial to a mapping service for pilots. GPS + WAAS is accurate in real-world testing to ~1m horizontal and vertical position, while GPS alone is only accurate to about 5m on a good day. There are a lot of really cool charts and graphs on the WAAS test team website showing current satellite positions, visibility, and status.

Mission-critical military systems like missiles and bombs cannot be disrupted by a GPS attack. They have inertial guidance, which is not as accurate, but it is still accurate enough to complete the mission.

Why is information like this publicly reported? Shouldn't it be fixed before it is even reported to the public? I always worry that public dissemination of exploits like this are dangerous. I can imagine some cyber-terrorist working for a random cause or rogue country reading this article and smiling.

This has been discussed time and time again, but some important points to consider:

1. If this information remained private to the GPS manufacturers, where's the pressure to fix the problem. There are plenty of examples of software developers saying "Well, nobody's using the attacks in the wild, and nobody knows about it, so why bother spending the money to fix it." When the public knows about it, there's at least some pressure on the companies to fix the problem.

2. At least when people know about the floors in the system, they'll be a bit more wary about trusting it.

3. Even if the information was kept private, what's to stop random employees from leaking it?

4. It's foolish to think that someone else couldn't develop the attack independently anyway. If university researcher's can come up with this, then so can engineers working for a nation state. All of this stuff is within the realm of what could be accomplished by a reasonably experienced hobbyist with a bit of time and money on their hands.

Quote:

Most of the article seems like fear-mongering.

If you want to talk about making receivers more fault tolerant, that's fine. But you can do all you want in terms of making the software work better and it won't protect you from someone broadcasting on L1 and turning up the power to saturate your RF front-end and stop you from seeing anything. It doesn't even take that much power.

Denying GPS coverage is not difficult if you are targeting a civilian receiver.

Actually this is significantly more serious than what you're talking about. Sure you can jam GPS signals, but you have to keep transmitting, which makes it easy to trace. As soon as you switch the jammer off, everythings starts working fine again. The researchers behind this paper managed to permanently brick a $19000 piece of equipment simply by transmitting one malformed signal. With suitable signal coverage distance, you could literally do millions of dollars of damage at the press of a button. And it would only take a fraction of a second, so by the time anyone started to try tracing the signal, it would already by done.

As a developer for GNSS, the bricking of one of my companies products is seriously scary.

However, with some user control, unless the Receiver itself is being fully bricked, selection and exclusions of various SVs by users will allow 'weeding' of bad signals out of then solution, allowing it to resume correct positioning.

As for bad input bricking receivers, ideally, any open input device should be able to intercept and discard potentially dangerous signals / input. This is clearly a major firmware issue.

Actually this is significantly more serious than what you're talking about. Sure you can jam GPS signals, but you have to keep transmitting, which makes it easy to trace. As soon as you switch the jammer off, everythings starts working fine again. The researchers behind this paper managed to permanently brick a $19000 piece of equipment simply by transmitting one malformed signal. With suitable signal coverage distance, you could literally do millions of dollars of damage at the press of a button. And it would only take a fraction of a second, so by the time anyone started to try tracing the signal, it would already by done.

Pretty scary stuff. I agree with what you are saying, but the risk factors just escalated.

q/ While not trying to come across as a Luddite, but it may not be a bad idea to keep up-to-date paper charts and a sextant at hand. Although requiring more time and user skill, they are pretty much impossible to spoof, hack, or take offline... /q

As a note to developers out there. If you are using GPS for anything 'serious', use multiple GPS receivers, local clocks (atomic and not) and inertial nav systems, and a Kalman filter to even things out (for position and/or time).

Oh, on top of this, if you are using GPS for clock stuff, don't ever just set your time off it. Always skew a clock frequency and limit the skew rate. If you ever hit the maximum skew rate raise an error condition because one part of you system has gone all crazy on you (local clock or GPS).

Many people are are way to trusting of what comes in over the air, especially if they think they transmitted it in the first place.

Why do most military GPS systems rely on Civilian signals? This is why.

It is a rule that all military hardware has to have SAASM capability to harden it to spoofing. What you might not realize however, is that SAASM is useless without a crypto key loaded into the GPS unit. What you further might not realize is that most of these keys are kept on paper-tape which must be read through a seriously cold war piece of hardware. This hardware is normally only kept at a couple of bases in any given Theater to protect it from theft/accidental dissemination (if it gets leaked, the SAASM systems are compromised).

This is simply not true. Military nav systems do not use GPS data that was not produced with crypto loaded as valid for navigation.

Loading keys is trivial and is regularly done on ships and airplanes while out on deployment.

Sorry, I should have limited my sphere. You are correct in that GPS integrated into a delivered vehicle or on a large platform (like a ship or aircraft) will be keyed. The product more or less ships keyed since it is an integrated product. Edit: Though the spoofing and capture of the American drone by the Iranians would seem to suggest that that particular aircraft was NOT correctly keyed.

However most of the currently in Theater capabilities for ground vehicles which use GPS are bolted on in theater and in that case are rarely keyed correctly since they are shipped by civilian contractors through their military buyers. They don't have access to the keys when they roll them off the factory line. They get accepted at the factory, packaged and shipped into their operational environment. There they are unpacked, bolted onto whatever vehicle or platform they are used on and rarely ever keyed at that point.

I honestly think this is primarily a symptom of the rapid response requirements of the current conflicts. Once units start getting delivered in CONUS, this will change. So let me specify more clearly since I did make a mistake in my original post.

Bolt on upgrades to systems which are deployed onto existing systems in theater that either add or replace GPS capabilities are very rarely keyed. At least in my experience.

Bah, we actually had GPS in theater? I feel silly now for having to tape a strip map to the bottom of my windshield when driving places...

GPS is not only used for navigation. I work at an insurance company, and we have dedicated GPS receivers at each of our sites to use the synchronized atomic clocks of the GPS satellites as an NTP source for timing. Financial transactions need to be timestamped correctly, not to mention the network and computers that are transmitting all of that and logging things. The ability to adjust the clock on a GPS system is a big deal, because when our times start skewing more than a few minutes off, network authentication starts breaking, and when we can't accurately determine the order of financial transactions, big government agencies start asking questions.

Synthe- I'm a writer working on about the history of GPS. I'm now researching a part of the book that will deal with GPS' role in timing, particularly as it applies to financial transactions. Would you be available for a brief phone interview. Actually, this goes for anyone reading this, since this is a public post. If you're involved in using GPS for something that most people probably don't know GPS can do (e.g. financial transactions, the electrical grid, etc.), please email me at gmilnermail@gmail.com. I can give you a much more detailed synopsis of the book.

Why is information like this publicly reported? Shouldn't it be fixed before it is even reported to the public? I always worry that public dissemination of exploits like this are dangerous. I can imagine some cyber-terrorist working for a random cause or rogue country reading this article and smiling.

Gotcha! Headline should be get a boyfriend for cold nights in prison cheap!

I admire Ars for reporting, I suppose they aren't really reporting HOW any of this is done.., anybody motivated enough already found this on usenet.

Airlines using GPS? That's new.. I've heard of ATC being provided using GPS, but that's only where radar coverage isn't available. The only time an airliner uses GPS is when it's on the ground, and even then it's of limited use as initial input values. Otherwise you can just as easily use coordinates provided by the airport since parking positions are well known and fixed. The aircraft positioning is self contained for the most part, because obviously attacks like these have always been possible. Commonly referred to as INS, Inertial Navigation System.

WaveRunner, you're way out of date on avionics. Maybe what you said was true back when Beech 18s and TriMotors were the airliners of choice, but no more. The Piper Arrow (180 hp four seater) that I owned and flew most recently had GPS, with proper maintenance it could be approach certified to fly instrument approaches when visibility was limited. Our bug-smasher couldn't, but high end airliners can fly CAT III(c) approaches with zero-zero minimums (zero visibility zero ceilings). Can't do that with guidance from the tower!